| Re: Digest Authentication [message #179867 is a reply to message #179865] |
Fri, 14 December 2012 03:31   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 12/13/2012 7:49 PM, dhtmlkitchen(at)gmail(dot)com wrote:
> Hi,
>
> I am trying to implement a password protected area of a site. I have never done this before.
>
> HTTP digest authentication seemed suitable for our low-level security requirements.
>
> Here is our PHP 5.3.6 configuration:
> http://thai-massage.com/phpinfo.php
>
> Here is the script I am using, from PHP.net:
> http://php.net/manual/en/features.http-auth.php#example-349
>
> The script is running here:
> http://thai-massage.com/dollar-school/PHP-PayPal-IPN-master/example/auth.ph p
>
> The login credentials are hard coded for sake of example. Eventually I want to get the password from a MySQL database.
>
> Results:
> * Cancel: "Text to send if user hits Cancel button"
> * Correct Login (guest/guest): Displays login prompt again
> * Incorrect Login (a/s): Displays login prompt again
>
> Expected results:
> * Cancel: "Text to send if user hits Cancel button"
> * Correct login (guest/guest): 'You are logged in as: guest"
> * Incorrect login: "Wrong Credentials!"
>
> Cancel is doing what I expect, but the login does not.
>
> What am I doing wrong? How can I get the result I want?
>
>
Back up and cancel that last post. From the headers it looked like you
were also trying to handle this in your httpd.conf or .htaccess file,
but on closer inspection I was wrong.
I don't see anything obviously wrong with the code, but you didn't post
the code you were actually using - just a reference to some code you
copied and modified.
You need to do some debugging of your code. First of all, you should be
doing this on a development machine (not a live server!), preferably
local. I would suggest you dump the appropriate variables (i.e. the
$_SERVER array) to a file (hint: see print_r()) so you can see exactly
what the script is getting. Then follow your logic with those values to
see what's going on.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]